For human interaction with Vault, OIDC (OpenID Connect) is the best choice. The HashiCorp Vault documentation states: "Out of the selections provided, OIDC is the best choice since OIDC authentication uses the user’s web browser to complete the authentication request. This is not well suited for machine-to-machine authentication." OIDC leverages identity providers (e.g., AzureAD, Google) for user-friendly authentication via browser-based flows.
The docs add: "The other options of Kubernetes, AppRole, and TLS are more geared towards application/machine/system authentication since they aren’t human-friendly." Kubernetes suits cluster workloads, AppRole is for machines, and TLS secures communication, not human logins. Thus, D (OIDC) is correct.